Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cloud Java APIs should work with a local Cloud SDK with GAE Standard. #1500

Closed
ludoch opened this issue Jan 5, 2017 · 25 comments
Closed

Cloud Java APIs should work with a local Cloud SDK with GAE Standard. #1500

ludoch opened this issue Jan 5, 2017 · 25 comments
Assignees
Labels
api: storage Issues related to the Cloud Storage API. running on app engine

Comments

@ludoch
Copy link
Contributor

ludoch commented Jan 5, 2017

With the following code in my Java Servlet:

   Storage storage = StorageOptions.getDefaultInstance().getService();
   
   
    String bucketName = "rdayalcloudtest"; // Change this to something unique
    Bucket bucket = storage.create(BucketInfo.of(bucketName));

    // Upload a blob to the newly created bucket
    BlobId blobId = BlobId.of(bucketName, "my_blob_name");
    Blob blob = bucket.create(
        "my_blob_name " + request.hashCode(), "a simple blob".getBytes(UTF_8), "text/plain");

I receive the following exception when attempting to test the code locally, using DevAppServer2:

Problem accessing /hello. Reason:

access denied ("java.io.FilePermission" "/Users/ludo/.config/gcloud/active_config" "read")

Caused by:

java.security.AccessControlException: access denied ("java.io.FilePermission" "/Users/ludo/.config/gcloud/active_config" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at com.google.appengine.tools.development.devappserver2.DevAppServer2Factory$CustomSecurityManager.checkPermission(DevAppServer2Factory.java:232)
at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
at java.io.FileInputStream.(FileInputStream.java:127)
at com.google.common.io.Files$FileByteSource.openStream(Files.java:125)
at com.google.common.io.Files$FileByteSource.openStream(Files.java:115)
at com.google.common.io.ByteSource$AsCharSource.openStream(ByteSource.java:420)
at com.google.common.io.CharSource.openBufferedStream(CharSource.java:91)
at com.google.common.io.CharSource.readFirstLine(CharSource.java:168)
at com.google.common.io.Files.readFirstLine(Files.java:513)
at com.google.cloud.ServiceOptions.activeGoogleCloudConfig(ServiceOptions.java:354)
at com.google.cloud.ServiceOptions.googleCloudProjectId(ServiceOptions.java:372)
at com.google.cloud.ServiceOptions.getDefaultProject(ServiceOptions.java:348)
at com.google.cloud.ServiceOptions.(ServiceOptions.java:281)
at com.google.cloud.HttpServiceOptions.(HttpServiceOptions.java:179)
at com.google.cloud.storage.StorageOptions.(StorageOptions.java:69)
at com.google.cloud.storage.StorageOptions.(StorageOptions.java:27)
at com.google.cloud.storage.StorageOptions$Builder.build(StorageOptions.java:64)
at com.google.cloud.storage.StorageOptions.getDefaultInstance(StorageOptions.java:99)
at com.example.HelloAppEngine.doGet(HelloAppEngine.java:40)

@lesv
Copy link
Contributor

lesv commented Jan 10, 2017

Is this the right place to report this? I think this is an issue with the Java SDK.

@garrettjonesgoogle garrettjonesgoogle added api: storage Issues related to the Cloud Storage API. running on app engine labels Jan 11, 2017
@roku6185
Copy link

I'm having the same problem after updating our maven plugin to:

<plugin>
  <groupId>com.google.cloud.tools</groupId>
  <artifactId>appengine-maven-plugin</artifactId>
  <version>1.0.0</version>
</plugin>

I also filed a ticket in the Google Cloud Support Center.

@roku6185
Copy link

I solved it by renaming the gcloud directory:

$ mv ~/.config/gcloud ~/.config/gcloud_backup

When I started my java service after this fix everything worked okay.

@ludoch
Copy link
Contributor Author

ludoch commented Jan 12, 2017

Les: GAE standard current sandbox rules (for Java7, lifted on Java8) does not allow a web application to read local file...
The Cloud Java library if running locally should find a way to get the metadata info it needs (project ID, project version etc) in another way than reading local file... (env var, syst prop, GAE API,...)

@lesv
Copy link
Contributor

lesv commented Jan 12, 2017

@GoogleCloudPlatform/cloud-tools-for-java FYI - indirectly affects you.

@ludoch Try adding:

   <dependency>
      <groupId>com.google.api-client</groupId>
      <artifactId>google-api-client-appengine</artifactId>
      <version>1.21.0</version>
    </dependency>

@garrettjonesgoogle @anthmgoogle We need to do this right for GAE Standard as we get gRPC working there.

@garrettjonesgoogle
Copy link
Member

Based on the code flow in https://github.com/GoogleCloudPlatform/google-cloud-java/blob/master/google-cloud-core/src/main/java/com/google/cloud/ServiceOptions.java#L336 , if the app engine project id is found in appEngineProjectId(), then googleCloudProjectId() won't be called. Thus, something is going wrong with detecting that this is an app engine use case.

@ludoch
Copy link
Contributor Author

ludoch commented Jan 14, 2017 via email

@ludoch
Copy link
Contributor Author

ludoch commented Mar 8, 2017

Customer is now escalating the issue with Google support.

@shinfan shinfan self-assigned this Mar 9, 2017
@shinfan
Copy link
Contributor

shinfan commented Mar 9, 2017

Update: I was able to reproduce this issue with my own GAE app. Will investigate.

@shinfan
Copy link
Contributor

shinfan commented Mar 9, 2017

@lesv It looks like that the reflection method raises ClassNotFound exception here while running with GAE dev server. Do you know who should I talk to regading this issue?

@lesv
Copy link
Contributor

lesv commented Mar 10, 2017

@garrettjonesgoogle Is probably the right person.

@Orbyt
Copy link

Orbyt commented Mar 10, 2017

I have run into an AccessControlException as well when trying to use google-cloud-java to access Cloud Storage.

As specified here, after executing gcloud auth application-default login the path to the /Users/example/.config/gcloud/application_default_credentials.json is returned. Running my App Engine application locally after executing the above command still produces an AccessControlException.

Additionally, manually calling .setCredentials(), such as:

Storage storage = StorageOptions.newBuilder()
            .setCredentials(ServiceAccountCredentials.fromStream(new FileInputStream("/Users/example/.config/gcloud/application_default_credentials.json")))
            .build()
            .getService();

also does not work, and produces the same AccessControlException.

So given that other users are having a similar issue, should I assume this is not an issue with my own code? Or am I doing something incorrectly here?

@Orbyt
Copy link

Orbyt commented Mar 10, 2017

Continuing from my above comment, I have now also tried setting a GOOGLE_APPLICATION_CREDENTIALS to the path returned from gcloud auth application-default login, however the same AccessControlException is thrown.

EDIT: Following https://developers.google.com/identity/protocols/application-default-credentials more closely, I generated a service account key as described in item "1." and set the value of GOOGLE_APPLICATION_CREDENTIALS to the path of that downloaded .json file, but the issue persists.

@ludoch
Copy link
Contributor Author

ludoch commented Mar 10, 2017

What I could try to do is enable read permission for ~/.config only in the devappserver.

@lesv
Copy link
Contributor

lesv commented Mar 10, 2017

Garrett told me last night that Shin had gotten further, so I didn't look at this again.

@Orbyt You should rarely need to use setCredentials() -- typically it's used for x-project access, a limited scope service account, or to use from a non-google datacenter. For most other cases defaultAuth should work. In your case, passing the credentials created by gcloud is incorrect - you need to pass credentials obtained from https://console.cloud.google.com -- why don't you create a new issue, and mention me in it and I'll help you out.

@shinfan
Copy link
Contributor

shinfan commented Mar 10, 2017

@Orbyt @ludoch

appEngineProjectId() uses reflection to retrieve the project ID of GAE application, the access control exception is misleading since googleCloudProjectId() should not be called under GAE environment.

Adding the following dependency to my application solves this issue:

<!-- https://mvnrepository.com/artifact/com.google.appengine/appengine-java-sdk -->
<dependency>
    <groupId>com.google.appengine</groupId>
    <artifactId>appengine-java-sdk</artifactId>
    <version>1.9.50</version>
</dependency>

@ludoch
Copy link
Contributor Author

ludoch commented Mar 10, 2017

There is no such artifact appengine-java-sdk... What did you really add?

@shinfan
Copy link
Contributor

shinfan commented Mar 10, 2017

@ludoch
Copy link
Contributor Author

ludoch commented Mar 10, 2017 via email

@shinfan
Copy link
Contributor

shinfan commented Mar 10, 2017

No, we should not need to access the gcloud config. According to the code flow, getAppEngineProjectId() should be able find the correct project ID through standard GAE API.

@Orbyt
Copy link

Orbyt commented Mar 10, 2017

@shinfan @ludoch That dependency is already added by default when using the Java GAE quickstart.

It does not solve this issue. #1731 Provides some more information on my specific case, if needed.

@shinfan
Copy link
Contributor

shinfan commented Mar 13, 2017

Customer confirmed that the issue has been solved on his end. Closing this issue now.

@rdayal
Copy link

rdayal commented Mar 27, 2017

@shinfan how come we closed this? What's the actual fix?

@shinfan
Copy link
Contributor

shinfan commented Mar 27, 2017

@rdayal There is nothing to fix from our side. The issue was caused by a missing dependency and the customer has confirmed things now working. See #1731

Confirm with @Orbyt

@rdayal
Copy link

rdayal commented Mar 27, 2017

Thanks, the reason this had been filed on this side is that I had run into this issue independently, and filed an internal bug about it. I wasn't following the other thread. I'll mark the other bug as closed.

github-actions bot pushed a commit that referenced this issue Jul 27, 2022
Source-Link: googleapis/synthtool@48f8857
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:b47e411068ffc6e6990cb4e0802fbac9a4488dec7f5f424553518ba21abea208
github-actions bot pushed a commit that referenced this issue Jul 27, 2022
Source-Link: googleapis/synthtool@48f8857
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:b47e411068ffc6e6990cb4e0802fbac9a4488dec7f5f424553518ba21abea208
github-actions bot pushed a commit that referenced this issue Jul 27, 2022
Source-Link: googleapis/synthtool@48f8857
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:b47e411068ffc6e6990cb4e0802fbac9a4488dec7f5f424553518ba21abea208
github-actions bot pushed a commit that referenced this issue Jul 27, 2022
Source-Link: googleapis/synthtool@48f8857
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:b47e411068ffc6e6990cb4e0802fbac9a4488dec7f5f424553518ba21abea208
github-actions bot pushed a commit that referenced this issue Jul 27, 2022
Source-Link: googleapis/synthtool@48f8857
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:b47e411068ffc6e6990cb4e0802fbac9a4488dec7f5f424553518ba21abea208
github-actions bot pushed a commit that referenced this issue Jul 27, 2022
Source-Link: googleapis/synthtool@48f8857
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:b47e411068ffc6e6990cb4e0802fbac9a4488dec7f5f424553518ba21abea208
github-actions bot pushed a commit that referenced this issue Jul 27, 2022
Source-Link: googleapis/synthtool@48f8857
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:b47e411068ffc6e6990cb4e0802fbac9a4488dec7f5f424553518ba21abea208
github-actions bot pushed a commit that referenced this issue Jul 27, 2022
Source-Link: googleapis/synthtool@48f8857
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:b47e411068ffc6e6990cb4e0802fbac9a4488dec7f5f424553518ba21abea208
github-actions bot pushed a commit that referenced this issue Aug 9, 2022
Source-Link: googleapis/synthtool@48f8857
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:b47e411068ffc6e6990cb4e0802fbac9a4488dec7f5f424553518ba21abea208
github-actions bot pushed a commit that referenced this issue Oct 4, 2022
🤖 I have created a release *beep* *boop*
---


## [2.3.15](https://togithub.com/googleapis/java-bigquerydatatransfer/compare/v2.3.14...v2.3.15) (2022-10-03)


### Dependencies

* Update dependency cachetools to v5 ([#1511](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1511)) ([b95ccc8](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/b95ccc8d07c7fc5b6f50917560304bf7d1db8b02))
* Update dependency certifi to v2022.9.24 ([#1497](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1497)) ([8280ad9](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/8280ad9d94f44c41dbc57aef7007359fa43a65ec))
* Update dependency charset-normalizer to v2.1.1 ([#1501](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1501)) ([7f61538](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/7f6153862f189554d10b82b755dcccb9f24c3044))
* Update dependency click to v8.1.3 ([#1502](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1502)) ([d315f8e](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/d315f8e433a64f1a1e4673688991b807285f5435))
* Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.4 ([#1523](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1523)) ([5eb622d](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/5eb622d8bcf05a9852c342a73d119e4d703a0c27))
* Update dependency com.google.protobuf:protobuf-java-util to v3.21.7 ([#1521](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1521)) ([7bb94b7](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/7bb94b735d7822337f5f6b671b425081f4822813))
* Update dependency gcp-releasetool to v1.8.8 ([#1498](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1498)) ([9801601](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/9801601eacc79432efa9ce243af8bda87bdeadb2))
* Update dependency google-cloud-core to v2.3.2 ([#1499](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1499)) ([1e73bff](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/1e73bfffe09f8ae7f5216e8e4cd3e7d4aa520893))
* Update dependency googleapis-common-protos to v1.56.4 ([#1500](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1500)) ([3b4b24c](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/3b4b24ccff9a199f78c8e48ea73e7c04f4e2bb5e))
* Update dependency jinja2 to v3.1.2 ([#1503](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1503)) ([4864061](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/48640616122833134b28e42bc689109849a77279))
* Update dependency keyring to v23.9.3 ([#1504](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1504)) ([cc523de](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/cc523de50fefe993dbfbedbebbbd5a9754071342))
* Update dependency markupsafe to v2.1.1 ([#1505](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1505)) ([1e0ba5e](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/1e0ba5e094f98858affb53f77ceb61eff677b7cd))
* Update dependency protobuf to v3.20.2 ([#1506](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1506)) ([7a1e267](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/7a1e267ce2a02b9c506769de09bfefc76d103cb8))
* Update dependency protobuf to v4 ([#1512](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1512)) ([12c0c67](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/12c0c67819a05f4bafab1c280fd3a8b15ee0193b))
* Update dependency pyjwt to v2.5.0 ([#1507](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1507)) ([98f2d58](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/98f2d580e1a78aeeebbbc5db8d2b99461255b86f))
* Update dependency requests to v2.28.1 ([#1508](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1508)) ([9906ca8](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/9906ca8c8a67390106b524d561f1e973126aecfa))
* Update dependency typing-extensions to v4.3.0 ([#1509](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1509)) ([2d7eb9f](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/2d7eb9f93181fbf183ae2d633fdc63748c82110e))
* Update dependency zipp to v3.8.1 ([#1510](https://togithub.com/googleapis/java-bigquerydatatransfer/issues/1510)) ([dd98eef](https://togithub.com/googleapis/java-bigquerydatatransfer/commit/dd98eef23cdbac8b9c365504c2456776bed786a9))

---
This PR was generated with [Release Please](https://togithub.com/googleapis/release-please). See [documentation](https://togithub.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
api: storage Issues related to the Cloud Storage API. running on app engine
Projects
None yet
Development

No branches or pull requests

8 participants